Search results for: Security

Chrome in-the-wild bug analysis: CVE-2021-30632

This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version 93.0.4577.82. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

An illustration of two octocats repairing a robot.

npm has a new access token format

npm access tokens will now follow the established format of GitHub authentication tokens as part of our work to create a more secure supply chain. Previously, the npm access tokens…

An illustration of two octocats repairing a robot.

CodeQL runner deprecation

GitHub code scanning with CodeQL works seamlessly with GitHub Actions. For users of other CI/CD systems, we provided a way to run the code analysis using the CodeQL runner. The…

Apache Dubbo: All roads lead to RCE

During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.

The world's largest developer platform

Docs

Docs

Everything you need to master GitHub, all in one place.

GitHub

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Customer stories

Customer stories

Meet the companies and engineering teams that build with GitHub.

GitHub Universe 2025

GitHub Universe 2025

Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.